Windows Stuff!
Checklist for Windows Junk # Input team ID # Read the Read me # Answer Forensic Questions # Update computer and turn on automatic updates ## This may take quite a while. Since you will know your images ahead, it would be wise to download large, important updates such as service packs for Windows ahead of time and bring them in on a flash drive to be installed immediately- these large updates are the ones that will most likely give points. Ubuntu should upgrade to the latest version and update its software. Run updates in the background while you continue on. # Turn on User Account Control to the highest security setting. If you don't get points for it within a few minutes, feel free to turn it off because it gets really annoying. # Check users (Helpful to do through computer managements -> users and groups in Windows) ## Disable Guest account ya ## Change all passwords to something secure (8 characters, numbers, caps, symbols, ex. "R!verV13w") ## Make sure only accounts listed as admins in the readme are admins ## Remove users not listed anywhere in readme # Disable remote desktop/assistance (unless allowed in readme) # Remove unnecessary programs (add or remove programs in Windows) ## Remove server software, games, hacking tools, and other forbidden software (unless allowed in the readme) # Remove unnecessary Windows features (turn Windows features on or off) ## Remove games, IIS (Internet Information Services), media features, Telnet, etc. (unless allowed in the readme) # Remove unnecessary services (run -> services.msc) ## Anything "remote" except Remote Procedure Call (unless remote desktop/admin is allowed in the readme), Telnet, etc. ## If it doesn't have a description, then it's automatically on the chopping block. Search the name, if it's malicious or if nothing comes up then go properties -> general -> path to executable to find where it is running from. If you'll be disabling the service, you would also do well to delete the executable and probably its containing folder(s). ## DO NOT TOUCH DNS Client, Server, or anything else that seems essential to run the computer! # Change folder options ## Show hidden files, do not hide protected system files, do not hide extensions # Install useful stuff (download this beforehand) ## Security Compliance Manager (http://technet.microsoft.com/library/cc677002.aspx) automatically sets those tedious security policies ## Microsoft Security Essentials for basic antivirus ## Glary Utilities (http://www.glarysoft.com/glary-utilities/download/) has some handy tools in the "advanced tools" menu including startup items, scheduled tasks, a processes list with user ratings (take with a grain of salt), and a software update checker (make sure a specific version of a program isn't required by the readme) # Turn on the firewall ## Specific ports to block or keep can be found on the ports page. # Remove unnecessary shares (computer management- IPC$, C$, and ADMIN$ cannot be removed) # Snoop through user files for prohibited files (programs, pictures, videos, music, etc.) ## Use wildcard searches to speed up this process- for example, searching for "*.mp3" will show all mp3 files on the computer. Make sure hidden files are shown in folder options, and make sure "search hidden files and folders" is enabled in the search menu! ## One way to find hacking tools such as John the Ripper or netcat is to search for "readme" as these tools usually come packed with one, and it is otherwise an uncommon file name. Searching for .exe's is less viable because of the sheer number included in Windows. ## Right click -> open containing folder is your friend! ## If all else fails, just manually look through all folders in a user's account folder. # Look at the file system in general. The temp folder, program files, and users folders are great places to find unnecessary or malicious files. Got this from another team btw